1. Technical Field
This invention relates generally to encryption of data, and more particularly, to the testing of an encryption function of a device under test.
2. Background Art
FIGS. 1-7 illustrate the operation of a device under test (DUT) which uses cipher block chaining for the encryption of a packet of data P1 in the form of a data string. The encrypted data issuing from the DUT is a function of (i) properties of the data packet (for example packet length), DUT settings, and security association (SA) properties, all of which are set and fixed (static) prior to operation of the DUT, and (ii) dynamic variables, i.e., initialization vectors, as will now be described.
Since the length of the packet data string P1 may be quite long, the DUT includes a segmentation function for breaking down the packet into a series of packet segment data strings, shown at P1S1, P1S2, P1S3, P1S4, so that packet segment size or length is less than the maximum packet size supported by the network.
The DUT in this example includes four encryption engines, noted at E0, E1, E2, E3. Each encryption engine includes an encryption algorithm, with each encryption engine E0, E1 including the encryption algorithm AES, while each encryption engine E2, E3 includes the encryption algorithm DES. The original packet data string P1 is associated with a security association (SA) property which indicates and determines the algorithm to be applied thereto (in the present example encryption algorithm AES), which indication is passed on and associated with each packet segment data string P1S1, P1S2, P1S3, P1S4.
Initially, each encryption engine has applied thereto a chosen and known initialization vector or key, for example, encryption engine E0 has applied to thereto initialization vector IVAES0, encryption engine E1 has applied thereto initialization vector IVAES1, encryption engine E2 has applied thereto initialization vector IVDES0, and encryption engine E3 has applied thereto initialization vector IVDES1.
A packet segment data string, for example, packet segment data string P1S1, is applied to a cross-switch (CSW) of the DUT (although the packet segment data string is indicated as the first data string to be applied to the CSW, the packet segment data strings can be applied in any order). As indicated above, this packet segment data string P1S1 is associated with SA property indicating the encryption algorithm to be applied to that data string. An input signal IS is applied to the CSW, which input signal IS is a function of the SA property indicating the encryption algorithm to be applied. For example, if the SA property indicates that algorithm AES is to be applied to a packet segment data string, the CSW will receive the data string and apply it to either encryption engine E0 or encryption engine E1, both of which include the encryption algorithm AES. The decision whether to select encryption engine E0 or encryption engine E1 depends on which such encryption engine is free for operation (if both encryption engines E0, E1 are free, the system is preset to select one of them—if both encryption engines E0, E1 are in use, the encryption engine which becomes free first is selected).
In the example shown in FIG. 1, the packet segment data string P1S1 is applied to the encryption engine E1, which has initialization vector IVAES1 applied thereto. Encrypted packet segment data string eP1S1, based on the encryption algorithm AES of the encryption engine E1, issues from the DUT, and has included therewith the initialization vector applied to the encryption engine E1, i.e., initialization vector IVAES1.
In a cipher block chaining system such as the present one, the application of an encryption algorithm of an encryption engine to a data string causes the initialization vector applied to that encryption engine to change to another value. Thus, as indicated in FIG. 2, encryption engine E0 has applied to thereto initialization vector IVAES0, and encryption engine E1 has applied thereto (new) initialization vector IVAES2 (encryption engines E2 and E3, which include encryption algorithm DES not used in the present example, are removed from the drawings for clarity).
Another packet segment data string, for example packet segment data string P1S2, is applied to the CSW. This data string P1S2 also is associated with SA property indicating that the encryption algorithm AES is to be applied thereto, as described above. Again, the CSW will receive the data string and apply it to either encryption engine E0 or E1 (both of which include the encryption algorithm AES), with the selection of encryption engine E0 or E1 based on the criteria described above.
With reference to FIG. 3, assuming that encryption engine E0 is selected, the packet segment data string P1S2 is applied to encryption engine E0, which has initialization vector IVAES0 applied thereto. The encryption engine E0 applies encryption algorithm AES to the packet segment data string P1S2, so that encrypted packet segment data string eP1S2, based on the encryption algorithm AES of the encryption engine E0, issues from the DUT, and has included therewith the initialization vector applied to the encryption engine E0, i.e., the initialization vector IVAES0.
As described above, the application of an encryption algorithm of encryption engine to a data string causes the initialization vector applied to that encryption engine to change to a new value. Thus, as indicated in FIG. 4, encryption engine E0 now has applied thereto (new) initialization vector IVAES3, and encryption engine E1 has applied thereto initialization vector IVAES2.
Next, another packet segment data string, for example packet segment data string P1S3, is applied to the CSW. This data string P1S3 also is associated with SA property indicating that the encryption algorithm AES is to be applied thereto, as described above. Again, the CSW will receive the data string P1S3 and apply it to either encryption engine E0 or E1 (both of which include the encryption algorithm AES), with the selection of encryption engine E0 or E1 based on the criteria described above.
With reference to FIG. 5, assuming that encryption engine E1 is selected, the packet segment data string P1S3 is applied to encryption engine E1, which has initialization vector IVAES2 applied thereto. The encryption engine E1 applies encryption algorithm AES to the packet segment data string P1S3, so that encrypted packet segment data string eP1S3, based on the encryption algorithm AES of the encryption engine E1, issues from the DUT, and also has include therewith the initialization vector applied to the encryption engine E1, i.e., initialization vector IVAES2.
As described above, the application of an encryption algorithm of encryption engine to a data string causes the initialization vector applied to that encryption engine to change to a new value. Thus, as indicated in FIG. 6, encryption engine E0 has applied thereto initialization vector IVAES3, and encryption engine E1 has applied thereto (new) initialization vector IVAES4.
Next, another packet segment data string, for example packet segment data string P1S4, is applied to the CSW. This data string P1S4 also is associated with SA property indicating that the encryption algorithm AES is to be applied thereto, as described above. Again, the CSW will receive the data string P1S4 and apply it to either encryption engine E0 or E1 (both of which include the encryption algorithm AES), with the selection of encryption engine E0 or E1 based on the criteria described above.
With reference to FIG. 7, assuming that encryption engine E1 is selected, the packet segment data string P1S4 is applied to encryption engine E1, which has initialization vector IVAES4 applied thereto. The encryption engine E1 applies encryption algorithm AES to the packet segment data string P1S4, so that encrypted packet segment data string eP1S4, based on the encryption algorithm AES of the encryption engine E1, issues from the DUT, and also has include therewith the initialization vector applied to the encryption engine E1, i.e., initialization vector IVAES4.
This example illustrates and describes the segmentation of a single packet data string P1, and the encryption of several packet segment data strings P1S1, P1S2, P1S3, P1S4 of that packet using several encryption steps. It will be understood that the actual operation takes place on a large number of packets each of which may well provide a large number of segments for encryption. In a simple example, let us assume a packet data string which is broken down into packet data segment strings P1S1, P1S2, P1S3, P1S4, with these packet data segment strings associated with SA property indicating that encryption algorithm AES is to be applied thereto, and packet segment data strings P1S5, P1S6, P1S7, P1S8, with these packet data segment strings associated with SA property indicating that encryption algorithm DES is to be applied thereto. For the system shown in FIGS. 1-7 and described above, a number of scenarios exist. For example, assuming the packet segment data strings are applied to the DUT in the order P1S1-P1S8, and the packet segment data string P1S1 is applied to the encryption engine E0, the possible scenarios for packet segment data strings P1S1-P1S4 are as follows:
FIRST POSSIBILITYSEGMENTP1S1P1S2P1S3P1S4ENCRYPTIONE0E0E0E0ENGINESECOND POSSIBILITYSEGMENTP1S1P1S2P1S3P1S4ENCRYPTIONE0E1E0E0ENGINETHIRD POSSIBILITYSEGMENTP1S1P1S2P1S3P1S4ENCRYPTIONE0E0E1E0ENGINEFOURTH POSSIBILITYSEGMENTP1S1P1S2P1S3P1S4ENCRYPTIONE0E0E0E1ENGINEFIFTH POSSIBILITYSEGMENTP1S1P1S2P1S3P1S4ENCRYPTIONE0E1E1E0ENGINESIXTH POSSIBILITYSEGMENTP1S1P1S2P1S3P1S4ENCRYPTIONE0E1E0E1ENGINESEVENTH POSSIBILITYSEGMENTP1S1P1S2P1S3P1S4ENCRYPTIONE0E0E1E1ENGINEEIGHTH POSSIBILITYSEGMENTP1S1P1S2P1S3P1S4ENCRYPTIONE0E1E1E1ENGINE
It will be remembered that it was assumed that the packet segment data string P1S1 was applied to encryption engine E0. The alternative is that the packet segment data string P1S1 was applied to encryption engine E1. Following the above analysis, this results in another eight possible scenarios (thus far total of 16 possibilities).
It will also be remembered that it was assumed that the packet segment data strings are applied to the DUT in the order P1S1-P1S8. However, the packet segment data strings can be applied to the DUT in any order. That is, the (four) packet segment data strings P1S1-P1S4 (to which the encryption algorithm AES is to be applied, i.e., the packet segment data strings P1S1-P1S4 are to be associated with encryption engines E0, E1) can be applied to the DUT in 4! or 4×3×2×1=24 possible orders. Thus, the possible total number of encryption variations for the packet segment data strings P1S1-P1S4 is 16×24=384.
Repeating this approach for packet segment data strings P1S5, P1S6, P1S7, P1S8 (associated with SA property indicating that encryption algorithm DES is to be applied thereto), another 384 possible scenarios are added, resulting in a total of 768 encryption variations.
It will readily be seen that the number of encryption possibilities is very large, even in the relatively simple situation described, i.e., a given packet segment data string to which the encryption algorithm AES is applied can take any one of 384 encrypted forms.
While it would be of course desirable to test the encryption function of the DUT for proper operation thereof, i.e., that the encrypted packet data string is as expected, the matching of resulting encrypted packet data segment against each of the possible encrypted forms is impractical, because of the very large number of possible encrypted forms.
Therefore, what is needed is a method for testing the encryption function of a device, which method is simple and effective in use.